Article | October 30, 2018
Internet of Things (IoT) & Cybersecurity - Challenges, Benefits & Solutions
At a Glance
- Internet-of-Things (IoT) has been widely accepted at a consumer level finding its way to many applications in our daily life.
- Companies, on the other hand, understand the value IoT would bring to the business; however, they have been hesitant to invest due to security concerns, cyber attacks and the harm to the business thereof.
- Only 28% customers pay major emphasis on IoT-related cyber security strategies, this is possibly due a tangible ROI for the investment.
- Only 10% of enterprise customers expressed confidence over successfully detecting and preventing malware attacks on IoT devices.
- Assessing security risks and implementing an agile methodology can protect IoT devices from vulnerabilities and grow the IoT market to 20.4 billion devices by 2020, a rise of 12 billion in 3 years.
- This article provides an in-depth analysis of cybersecurity as it relates to IoT in the Business-2-Business (B2B) world giving you the ability to evaluate and implement IoT to better address your business needs.
Many of us have heard of consumer mobile apps such as IFTTT (If This Then That) that can allow you to turn on your iRobot vacuum cleaner from the comfort of your phone. Over the past few weeks, global consumer chains such as Dominos are hyper-connected with their consumer via IFTTT and IoT in-turn driving huge untapped revenue. There are many such applications catered to the consumers that demonstrate rapid adoption and application of Internet of Things (IoT) reflecting the transformation in the digital landscape.
Despite IoT’s success in B2C / Consumer industry, the underlying cybersecurity challenges such as identity theft, possibility of impersonation, and hacking are posing a significant hindrance in unlocking the demand for Internet of Things in the industrial, enterprise business-2-business (B2B) spheres.
The article aims to delineate the existing challenges in ensuring cybersecurity for IoT devices, the methods undertaken to resolve these issues, and the application of Azure IoT for a secure solution.
Growing Risk Landscape – How to Resolve?
It is important to consider that cybersecurity is not merely a technology hazard, rather an enterprise-wide risk. As the needs of business today surpass the boundaries of the organization, be it for communication with customers, vendors and trading partners or even co-working with third-party vendors, there emerges a need for strengthening cybersecurity to protect the business from malicious attacks. Moreover, increasing use of Internet and mobility is changing the dynamics of security, adding risk and exposure as the business is no longer contained within the predefined frame.
To avoid such risks, cybersecurity systems should consider a broader network - including but not limited to customers, collaborators, suppliers, business partners and even their alumni — holistically the entire “business ecosystem.”
What Are Some Major Security Failures in IoT History?
Here are a few real-life examples of incidents related to IoT and related security failures. These cases could have been avoided with the appropriate security protocols and enterprise investments seeking proactive solutions.
- One of the earliest IoT attacks was Stuxnet in 2010, which targeted a “smart” industrial controller utilized in nuclear facilities. The malware destroyed almost one-quarter of the centrifuges, which brought a nuclear program into halt for the next two years.
- In 2015, a Russian IoT malware brought significant impact to the electrical grids of Ukraine, leaving 230,000 people without power.
- In the following year, the famous Mirai botnet incident took place in the IoT history. Nearly 360,000 servers of Dyn servers were impacted, taking down multiple high-traffic websites. Mirai identified and infected vulnerable IoT devices. The devices were not infected until they were rebooted.
- In 2017, a hacker got access to 200,000 open printers and printed over the Internet affecting over 150,000 printers.
- Following the Mirai botnet incident, a subsequent attack took place in January 2018. Okiru, which is a variant of Mirai malware, targeted ARC processors embedded in billions of IoT products.
Top Barriers in the Investment of IoT
Companies Are Investing More on Secure Devices - Why?
The growing stringency according to the General Data Protection Regulation (GDPR) and heavy penalties in case of security failure such as a data breach is driving enterprises to invest more on secure devices.
In the 90's, there were hardly twenty (20) privacy laws globally. It is close to 100 now. This rise is an indicator why companies need to exercise caution regarding the cybersecurity in the organization.
Current State - Is IoT Security a Lower Priority for Organizations Today?
- A key reason why companies are restraining from a robust approach to IoT security is because of the fact that IoT is not a part of mainstream business operations and does not call the attention of the business leaders within.
- Only 57% enterprises plan to increase their investment on IoT in the future, whereas 19% don’t want to and 23% are unsure of the potential of IoT in generating ROI.
The above figure depicts that only 28% organizations pay major emphasis on IoT security strategy. The surprising fact is that more than one-third considers IoT security to be not that important.
Pointing the Shortfalls in IoT Device Security
As per Capgemini's 2017 report, a significant amount of compromise in IoT cybersecurity takes place in the device-making stage, for which details are as follows:
- 52% organizations ignore the security of their devices since the inception of the development phase.
- 51% companies don’t give remote updates to their devices.
- A handful of 20% organizations recruit IoT security experts.
- Only 35% insists security researchers to find out vulnerabilities in their devices.
In this fast-growing IoT market, companies often battle time constraints leading to a rush in the design and development of products. This makes them overlook the aspect of security possibly resulting in severe consequences- data breach. The solution to these problems is designing devices with strong IoT security architecture.
A Glimpse into IoT Security Architecture & Its Principles: How Does It Ensure Security?
To build an end-to-end, secured IoT solution, you need to strengthen four significant layers of an IoT security architecture:
It refers to the physical product, the hardware level. In this layer, ODMs and OEMs integrate more security features to uptake the standard of security protection in the hardware. A few of the features are as follows:
- Introducing chip security in the trusted platform module (TPM) form to prevent release of information outside the chip
- Ensuring secure booting so that only verified software functions on the device
- Safeguarding the device with an additional physical security protection in the form of a metal shield covering internal circuitry in events of intruder attack
Apart from these security features devices should be smart enough to deal with encryption, security, authentication, timestamps, connection loss etc. Introducing edge processing helps to process data locally before sent to the cloud, erasing the need to release huge bulk of sensitive information to cloud.
It refers to the network over which secure transmission of encrypted data takes place.
- Implementing security solutions that are data-centric, which transmit encrypted data, so even if intercepted becomes meaningless without security codes to unlock them.
- Arranging firewall systems to spot unexpected intrusions and prevent malicious actions on the communication layer.
The device instead of attending to incoming connections should initiate the connection to the cloud. Such connection facilitates a bi-directional channel, from where the IoT device can be remotely controlled – an essential feature. Also, providing facilities like double encryption, queuing, filtering etc. contributes in establishing a safe communication layer with controlled accessibility.
It mainly denotes the software backend of the IoT solution, where data is analysed and elucidated to generate useful insights and execute actions.
- Encrypting the data stored in the cloud to fail cyberattacks
- Double checking those third-party connections who want to establish contact with your server to safeguard yourself from malicious activity
- Validating the authenticity of third-party networks with digital certificates - an ‘asymmetric, encryption based, authentication system’
Lifecycle Management Layer
It refers to the continuous processes of keeping IoT solution security up-to-date. The manufacturing team needs to ensure that sufficient security standards are met in all spheres such as device manufacturing, initial installation, and finally the disposal of things.
- Frequent activity monitoring can better enable tracking, logging and pointing untrustworthy actions.
- Regular security patches to keep the system up-to-date, reinforce resistance against strikes and resolve possible vulnerabilities.
- Secure remote control to maintain billions of IoT devices hassle-free, without entertaining incoming connections but establishing bi-directional connections.
Effective Strategies and Practices That Can Counter Cyber Attack
It is essential for manufacturers to understand the customer utilization of devices. Keeping track of it over a period helps analyse evolving security needs and identifying unmet requirements. Having sound knowledge of the practical security issues faced by customers helps manufacturers research and invest in right solutions.
Second, manufacturers should embed secured development practices within the device, both in its hardware and software components. The team should also collaborate with third-party solution providers to get additional solutions. A strong IoT ecosystem must have inherent solutions for access interface, data, apps, and device layers. As per the Bain survey, respondents have referred access interface layer offering the highest level of protection.
Third, IoT devices should be equipped to that quality to be able to filter themselves from known vulnerabilities. Having such a feature resolves the concern of customers to a great scale as they often install new devices without understanding the vulnerabilities those contain. Employing a vulnerability scanning test or removing those across layers can aid in reaching the security standard.
Finally, continuous testing for resolving new vulnerabilities, providing software and firmware updates, prioritizing feature and functionality upgrades with the top market solutions are necessary during the warranty period.
Is Azure IoT the Solution You Need?
The best way to ensure the security of IoT ecosystem is by setting a balance between security measures and protection goals. Failing this balance results in shortfall in protection or overprotection which hinders the regular operational flow. In this context, Azure IoT is a solution that assesses the risks on the IoT device and then invests in the out-of-the-box customised solutions to mitigate such risks.
It offers hardware security modules (HSM) – a secure silicon hardware technology to mollify malicious attacks. Rather than coerce the use of one HSM for security tightening, Azure IoT takes a more customizing and accommodating approach. Azure IoT security manager enables all to meet custom security goals using technologies of choice.
IoT in Chemical Industry - Benefits, Security Challenges & Solutions
Without an exception, cybersecurity is a major concern in the chemical industry hindering the use of Internet of Things. Businesses that have embraced IoT have exhibited significant growth and rapid ROI. They have been able to experience progress in quality, productivity, safety, maintenance, energy savings, and decision making, exposing their network infrastructure in the process.
Application of IoT in the Chemical Industry is endless. Here are just a few benefits of IoT in the chemical industry:
- Monitoring via equipment sensors and in-memory analytics cut down unplanned downtime and unpredictable higher maintenance cost
- With integration of PLCs with ERP systems, Plant Managers and Production Supervisors can receive text messages when a reactor gets overheated during the production of a batch. IoT can facilitate a 2-way communication to shut-off or take appropriate action protecting the company from significant exposure to accidents and unplanned events
- Using big data and predictive analysis across thousands of batches helps to bring the predictive quality
- Applying connected sensors to monitor energy consumption aids in controlling cost, ensuring compliance, greener operations
Despite the benefits, you should not forget chemical industry can be a prime target of cyber attacks. So, what measures does this industry need to adopt to mitigate such risks?
Chemical companies should initiate strengthening physical security, data systems security, and industrial systems security. How will you manage such loads of sensitive data?
The best approach is to accumulate the entire data in a repository so that it becomes easier to locate the unauthorized access and those connections can be immediately cut down by locking down systems to prevent further intrusion.
IoT in Pharma Industry - Benefits, Security Challenges & Solutions
The emergence of IoT has brought significant changes in the pharmaceutical industry: From keeping a track of the production line, to inspecting the process in the supply chain, to improving patient outcome - IoT is revolutionizing the way drugs are manufactured, delivered and consumed.
- An American pharma company that utilizes vacuum pump to freeze-dry drugs by reducing humidity lost products worth $20 million when their $3,500 pumps broke down. After facing the huge loss, the company enabled IoT sensors to its pumps and other machinery, taking IoT and big data analytics services from Bigfinite. The sensors collect data, which is stored in the cloud-based platform. And the company is notified prior if any breakdown is likely to occur, so that the company takes preventive measure before the production is affected.
- When the refrigerator of a pediatrician malfunctioned in 2014, the entire batch of vaccine got wasted as it was kept in lower than the recommended temperature to preserve vaccines. In two years span (2014-15), the organization had to complete revaccination for more than 4000 kids.
- IoT devices accumulate valuable data and send it to manufacturers in real time. A French pharma company that deployed a cellular-based IoT platform once got an alert notifying temperature drop than the recommended level on a drug shipment, which was heading to North America. On receiving the information in real-time the company was able to fix the en route.
It cannot be denied that IoT offers significant benefits to the pharmaceutical industry. The real-time data obtained by deploying IoT sensors contribute in improving operational efficiency of the entire organization - starting from manufacturing, to monitoring, to distribution, and finally to control-in transit; but the need should not be overemphasized. Ensuring safety of data should be the utmost concern, as a breach can cost you in billions. Moreover, it poses a threat on the company’s repute. Especially, when dealing with third-parties vigilance should be more stringent.
- Per Bain the purchase of IoT devices will increase by 70% if the concerns of top executives are resolved.
- In addition, 93% of the executives expressed their intent to pay an average of 22% more for devices with finer security.
- IoT devices have the ability to collect and share critical information in real-time. This gives you the ability to leverage IoT in more applications than ever before. A French Pharma company that deployed a cellular-based IoT platform received an alert notifying a drop in temperature than the recommended level on a critical shipment enroute to North America. This alert allowed the company to take immediate action and save the shipment, avoiding millions in losses.
- Establishing standards in a growing technology takes time and requires investments in areas of exposure. Internet of Things is one such technology which offers great benefits to a business. Its adoption is on a meteoric rise due to the benefits, cost savings and visibility into operations.
- Advancing security systems within the organization can be your initial step in minimizing the exposure to threats. It is essential to look beyond the current business to get an edge over hackers with profound cyber threat detection capabilities. Get a good understanding of your business environment to proactively address and fix the security loopholes.
- If security is beefed up to prevent a malware attack, there are no barriers to the adoption of IoT.
All statements and/or opinions expressed in this article were based on experience and / or third party materials available to the authors which formed the basis of such statements/opinions. XcelPros does not warrant the accuracy, completeness, or reliability of such underlying information (or the Company’s interpretation thereof) which has formed the basis of the Company’s and/or author’s opinion. We strongly recommend that you consult an expert from XcelPros before you take action as a result of this collateral.
Microsoft Dynamics 365 for Finance & Operations has extensive out-of-the-box functionality to help manage active ingredients for both make and buy items.
A good modern-day ERP ensures stronger supplier relationships, streamlined shipping operations, and better customer communication.
If you are a chemical distribution company, it is all about optimized supply chain, warehouse and floor operations.
Production in modern-day chemical companies involves a plethora of unforeseen challenges.